CVEDB API

Vulnerabilities

Vulnerable Software

Mkportal: Security Vulnerabilities

CVE-2006-3554

Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter.

CVSS Score

7.5

EPSS Score

0.015

Published

2006-07-13

CVE-2006-2066

Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters.

CVSS Score

4.3

EPSS Score

0.097

Published

2006-04-27

CVE-2006-2067

SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter.

CVSS Score

7.5

EPSS Score

0.005

Published

2006-04-27

Page 2

Vulnerabilities

Vulnerable Software

Mkportal: Security Vulnerabilities

Products

Pricing

Contact Us